Lucene search
+L

42 matches found

ossf
ossf
added 2 days ago7 views

Malicious code in home-mp-commons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885b9dad73e9eeb07a1fcb4a94493ec85573f656f7b9347a8682f56db359cfd6 [email protected] is an empty npm package declared main index.js is absent from the tarball whose sole effect on install is to resolve a single...

6.2AI score
Exploits0References2
osv
osv
added 3 days ago4 views

MAL-2026-10479 Malicious code in node-fsmetrics-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b67fad1d72f63941a3973df07e6cbd980c9e3c3bbe5041818f58b9be07d6b7e9 The tarball contains archive-sender.js, which tars the directory /root/.codex, splits the archive into 200MB chunks, and uploads each chunk by runnin...

6.2AI score
Exploits0References5
ossf
ossf
added 2026/07/02 9:23 p.m.9 views

Malicious code in epic-build-scripts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14d466b50466bb93e6e9130d18e67b680c7255beecafe16043dc5ee51bfec886 On import epicbuildscripts, the package's top-level init spawns a background thread that POSTs a JSON payload containing socket.gethostname, the...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/06/26 5:44 a.m.8 views

Malicious code in react-context-form-tdsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...

6.2AI score
Exploits0References1
ossf
ossf
added 2026/06/23 2:11 p.m.11 views

Malicious code in ttal2ttml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29387ac35a2248ad2e4b287b8c082f8d1a8d03b4937fc84a5b81fb85697e19d4 package.json declares a preinstall lifecycle script that runs node -e "tryrequire'childprocess'.execSync'curl -sf...

5.8AI score
Exploits0References5
ossf
ossf
added 2026/06/18 3:56 a.m.10 views

Malicious code in oem-agentic-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f612eb2fa947323c936a0bb1becc602f0f837f9023edac22a945470566386a8c [email protected] is a hollow stub: index.js exports an empty object and package.json has empty author, empty description, and no real...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/16 4:24 a.m.13 views

Malicious code in @ts-internal/shared-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7afc836ea4b9ecc7e09f0add976470f1b4e253f8b5b53b3ce706889efb349171 The package squats the internal-looking scope @ts-internal/shared-lib on the public npm registry and runs a network beacon both during install...

5.4AI score
Exploits0References1
osv
osv
added 2026/06/16 2:14 a.m.10 views

MAL-2026-5857 Malicious code in event-metrics-q3x7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...

5.8AI score
Exploits0References10
ossf
ossf
added 2026/06/11 7:39 a.m.15 views

Malicious code in tailwind-animator-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...

6AI score
Exploits0References2
ossf
ossf
added 2026/06/10 10:38 p.m.13 views

Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

5.7AI score
Exploits0References3
ossf
ossf
added 2026/06/09 5:43 p.m.14 views

Malicious code in exodus-secure-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bc77b12251baa18392bd90e84d6bdc57aaef9a8c774f8cb29a0066e80f76b5 On npm install, the package runs node src/canary.js as a postinstall hook. That script performs a DNS lookup and HTTPS GET to the hardcoded host...

5.4AI score
Exploits0References1
ossf
ossf
added 2026/06/09 5:29 p.m.19 views

Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/09 5:29 p.m.15 views

MAL-2026-5454 Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

5.9AI score
Exploits0References2
ossf
ossf
added 2026/06/05 12:53 a.m.16 views

Malicious code in autotel-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1bce8c001a8e85b493ccdd8af1e3e57f3578d1026e6d5d147374b0a68467313 autotel-devtools ships bundled CommonJS and ESM artifacts dist/cli.cjs, dist/cli.js, dist/index.cjs, dist/index.js, dist/server/index.cjs,...

6.1AI score
Exploits0References11
ossf
ossf
added 2026/06/05 12:53 a.m.14 views

Malicious code in awaitly-mongo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f476f15bad689e2500c24cf2f416567759e5182689cc2cc301912ddfde02b1c4 No concrete installer-harm signals were identified in this package version. The package name suggests a MongoDB-related async helper, but no specific...

6.1AI score
Exploits0References27
ossf
ossf
added 2026/06/05 12:53 a.m.13 views

Malicious code in @forjacms/client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e53cc7a866c8a2316aec94a20aa737e6bdb4a71202c0f363e301219ae1291ac The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
ossf
ossf
added 2026/06/05 12:53 a.m.18 views

Malicious code in awaitly-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f926748b1e107755cfd17cb9151edc730b0228b6e857735a6794f8c1e71c65 No concrete indicators of installer-side harm were identified in this package version. No lifecycle hooks fetching remote payloads, no credential-pat...

6.1AI score
Exploits0References12
ossf
ossf
added 2026/06/05 12:53 a.m.15 views

Malicious code in eslint-plugin-executable-stories-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3b2b639cf616d5d975e12b917cfd679b4e247fce023e0b2bbf64b7a1482b596 No concrete installer-harm signals were identified in this package version. No lifecycle scripts, hardcoded network destinations, credential-path...

6AI score
Exploits0References4
osv
osv
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5207 Malicious code in @forjacms/sections (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c21dd7e7453f68aa7240f5ec40de3a37683b0a9655d0218a094c528e042766f The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References4
osv
osv
added 2026/06/05 12:53 a.m.12 views

MAL-2026-5241 Malicious code in create-wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3bd71e3d5a93887188f34c9434d24b09d1108a2471ab437d6e78ae216162b05 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
Rows per page
Query Builder